Impact
Missing access control on the ID4me endpoint allows an attacker to register an account and, through it, eventually gain access to data that is available to all registered users.
Patches
It is recommended that the OpenID Connect user backend is upgraded to 3.0.0 (Nextcloud 20-23), 4.0.0 (Nextcloud 24) or 5.0.0 (Nextcloud 25-28).
Workarounds
References
For more information
If you have any questions or comments about this advisory: